gcleaner | b42a7d85d7353d56a810e4de437ba65e108d38e8098a408fd491ec96576a362d | Triage

Sharing

General

Target

b42a7d85d7353d56a810e4de437ba65e108d38e8098a408fd491ec96576a362d
Size

2.0MB
Sample

241005-cm6v5azbnj
MD5

6934d931450f98f4ed12f881040a313b
SHA1

efbf96a7484b17c37adbae865e3e81e9a1634dd7
SHA256

b42a7d85d7353d56a810e4de437ba65e108d38e8098a408fd491ec96576a362d
SHA512

72fbf2f66eb63f4c2e1fbb79fe9869682de06d2d347db78aaa90668940329032d4baa9570c4987fc6f0dac8c4b9e1b10b43468ae7f7fdf002515c86ae2a5f270
SSDEEP

49152:6inmpGptWc5epmDBBgKNSjg1N0hd20x0LgwjLX/nvYX0mj:6inDHF2Kkjg1Whd2jzjLvvYD

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  b42a7d85d7353d56a810e4de437ba65e108d38e8098a408fd491ec96576a362d
- Size
  
  2.0MB
- MD5
  
  6934d931450f98f4ed12f881040a313b
- SHA1
  
  efbf96a7484b17c37adbae865e3e81e9a1634dd7
- SHA256
  
  b42a7d85d7353d56a810e4de437ba65e108d38e8098a408fd491ec96576a362d
- SHA512
  
  72fbf2f66eb63f4c2e1fbb79fe9869682de06d2d347db78aaa90668940329032d4baa9570c4987fc6f0dac8c4b9e1b10b43468ae7f7fdf002515c86ae2a5f270
- SSDEEP
  
  49152:6inmpGptWc5epmDBBgKNSjg1N0hd20x0LgwjLX/nvYX0mj:6inDHF2Kkjg1Whd2jzjLvvYD
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader